2014 in security: The biggest hacks, leaks, and data breaches

U.S. security contractor vetting firm hit by breaches

A contractor for U.S. Homeland Security suffered a data breach, leading to the leak of personal information on employees. The private company, USIS, conducts background checks on behalf of the government agency. USIS came under fire for being the firm that vetted Edward Snowden. The U.S. Justice Dept. also accused the company of faking more than half-a-million background checks.

Published: December 28, 2014 -- 14:32 GMT (06:32 PST)

Photo by: U.S. Postal Service

Caption by: Zack Whittaker

Sony attack leads to massive data grab

Sony’s systems were thrown into disarray in late November after unknown assailants hijacked computers.

The FBI concluded its investigation, saying North Korea was “responsible.” Since then, numerous stories about the company’s executives and Hollywood elite have surfaced, including critical remarks about President Obama -- and even about the celebrities of the movies Sony produces.

JPMorgan credit card hack

When news broke that hackers attacked JPMorgan’s systems, the message was that it “could’ve been worse”. Tens of millions of Chase customers were affected by the data breach -- even if their bank accounts weren’t affected. The attack is said to have affected around 80 million U.S. households, and 7 million small to medium-sized businesses, making it one of the largest in history. The FBI’s investigation into attempts on other financial institutions is continuing.

USB security hosed, computers ruined

Researchers this year warned that an exploit dubbed “BadUSB” can transform keyboards, flash drives, and other USB-connected devices into attack platforms that can evade modern anti-malware programs. The flaw can even be used to infect and replace a computer’s BIOS, making trusted computers -- even non-Internet-connected “airgapped” ones -- vulnerable to attack.

Chinese hacked U.S. weather systems

Chinese hackers earlier this year broke into four websites belonging to the U.S. federal agency overseeing weather systems. The U.S. National Oceanic and Atmospheric Administration carries weather data and satellite feeds to its websites. But those services were shut down by the agency for more than a week following the hack. The agency said it was “unscheduled maintenance,” but one congressman said the agency covered up the attack.

Celebrity data leaked amid alleged iCloud hack

A significant leak of private photos from Hollywood celebrities occurred earlier this year, as a result of using "brute force" methods on targeted iCloud accounts. Over a hundred nude photos, some extremely explicit, were posted in total on the infamous discussion board 4chan during that weekend. Apple denied any breach of its systems, but bolstered its security in the wake of the attack.

The Intercept releases Belgacom state-sponsored malware

In perhaps one of the most public state-sponsored hacking attacks in recent history, news emerged this year that the U.S. and British governments were behind a targeted attack on a Belgian internet provider that served much of the European Union’s executive. The so-called Regin malware was discovered around a year later. It was not long before the pieces of the jigsaw were put together. The Intercept, a website set up to publish the Snowden leaks, released the malware’s code.

U.S. Postal Service networks hit, employee data grabbed

Unknown assailants attacked the U.S. postal system’s networks -- blame was quickly placed on China. Data of more than 800,000 employees has been compromised, including Social Security numbers and postal addresses. The news broke as both U.S. and Chinese leaders met in Beijing to discuss, among many items on the agenda, cybersecurity and state-sponsored hacking.

Snapchat data posted on 4chan after backup hack

Around 13 gigabytes of data -- including photos and videos -- were pilfered by hackers and eventually made their way to image sharing site 4chan. In the incident, known as “The Snappening,” shady backup services that were said to store snaps indefinitely quickly became the focus of blame. Snapchat cautioned its 100 million active users to stay away from such unauthorized services.

One tweet can lead to a bank account hack

One inane tweet from mid-2012 was enough to start a chain reaction of information gathering that could have rivaled the work of a government intelligence agency. The target in question may not have been a chief executive, a rock star, a celebrity, or a government employee with access to state secrets. But it was enough to throw that privacy-conscious person off base.

Target breach woes spread into 2014

An estimated 110 million records were pilfered from the company in a breach announced at the end of 2013, but its woes spread well into 2014. The brick-and-mortar and online retailer said its U.S. sales were “meaningfully weaker.” The company’s chief information officer, tasked with internal security, resigned three months into the new year. The total cost of the breach hit $110 million by mid-year.

European Central Bank hit by data breach

The central bank monitoring and overseeing the Eurozone in Europe suffered a security breach earlier this year that led to the theft of personal data. No internal systems or market-sensitive data were compromised, but email and postal addresses, along with phone numbers, were stolen.

eBay hit by whopping 145 million user data breach

In a shocking breach revealed in May, more than 145 million users were affected by a massive hack of eBay’s systems, including email and postal addresses, and login credentials. Financial data was not stolen. The UK’s data watchdog launched a probe into the breach. Months after the breach, eBay said it took a $200 million hit to its annual revenue as a result of the security breach.

Spotify warns of “unauthorized access”

Android users of Spotify were warned to upgrade after an isolated incident led to the breach of just one user’s data. Despite not having any financial or payment information taken, the company contacted the individual. Spotify has an estimated 40 million users. Android users were also warned to update, leaving some to speculate the app was to blame.

Hundreds of millions of records have been stolen this year through hacks and data breaches as a result of poor or flawed security. Here are the most notable stories of the year.
